Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap

US 20070189194A1
Filed: 05/08/2006
Published: 08/16/2007
Est. Priority Date: 05/20/2002
Status: Abandoned Application

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security system includes a system data store capable of storing a variety of data associated with a wireless computer network and communication transmitted thereon, a communication interface supporting wireless communication over the wireless computer network and a system processor. Configuration data associated with an access point on a wireless computer network potentially compromised by an intruder is received. Information contained within and/or derived from the received configuration data is stored. Communication with the intruder is continued by emulating the identification characteristics of the potentially compromised access point. A channel change request is transmitted to the potentially compromised access point to reroute communication between the potentially compromised access point and authorized stations such that communications may continue on a different channel.

116 Citations

View as Search Results

44 Claims

1-15. -15. (canceled)

16. A method for wireless intrusion protection, comprising:
- outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted;
  
  defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy;
  
  deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy;
  
  deploying a host system on the network;
  
  monitoring wireless signals in the airspace using said one or more sensor devices;
  
  determining whether a wireless signal is intended to communicate to said at least one portion of the network;
  
  detecting a violation of the security policy based at least upon the determining step and the monitoring step;
  
  automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 17. The method of claim 16, wherein the action comprises notifying an administrator responsive to detection of the violation.
  - 18. The method of claim 16, wherein the action comprises selectively restricting one or more wireless devices associated with the violation, thereby hindering engagement in communication between the one or more wireless devices and the network.
  - 19. The method of claim 18, wherein selectively restricting one or more wireless devices does not influence communications originating from or destined for other wireless devices.
  - 20. The method of claim 16, wherein the network comprises a secure wired network.
  - 21. The method of claim 20, wherein devices residing on the secure wired network encrypt communications.
  - 22. The method of claim 16, wherein the network is susceptible to attacks originating from the airspace and transmitted into the network using an access point coupled to said at least one portion of the network.
  - 23. The method of claim 16, wherein the violation is associated with an unauthorized wireless device attempting to communicate with devices coupled to the network.
  - 24. The method of claim 16, further comprising ignoring wireless signals that are intended for receipt by an unrelated network.
  - 25. The method of claim 16, wherein the violation comprises an authorized device operating outside of predefined parameters associated with the device.
  - 26. The method of claim 25, wherein the predefined parameters include a predefined physical region of operation.
  - 27. The method of claim 25, wherein the predefined parameters include configuration parameters.
  - 28. The method of claim 16, wherein the violation comprises a spoofing attack.
  - 29. The method of claim 16, wherein the sensor devices transmit wireless signals into the airspace to determine status of wireless devices in the physical region.
  - 30. The method of claim 29, wherein the status includes connectivity status with the network.
  - 31. The method of claim 16, wherein the one or more sensor devices comprise a detection region of coverage.
  - 32. The method of claim 16, wherein the one or more sensor devices comprise a prevention region of coverage.
  - 33. The method of claim 16, further comprising modeling coverage associated with the one or more sensor devices.
  - 34. The method of claim 16, wherein the action comprises filtering wireless signals originating from a wireless device associated with the violation.

35. A wireless intrusion protection system, comprising:
- one or more monitoring modules deployed within a physical region proximate to a network, the physical region comprising an airspace through which wireless signals propagate, the one or more sensor devices implementing a security policy defining at least a type of activity which comprises a violation of the security policy and being configured to protect the network, and to provide an indication of the violation;
  
  a host module configured to communicate with the one or more monitoring modules regarding security policy for the network to be protected, and to provide central management for the one or more monitoring modules, individually or collectively;
  
  wherein the one or more monitoring modules are configured to receive wireless signals propagating in the airspace and to apply the security policy to determine whether any of the wireless signals are associated with violations of the security policy;
  
  a protection module configured perform an action responsive to the indication of the security violation in accordance with the security policy.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43)
- - 36. The system of claim 35, wherein action is tailored based upon which of a plurality of policies comprising the security policy was violated.
  - 37. The system of claim 35, wherein the action comprises notifying an administrator in response to a minor security policy violation.
  - 38. The system of claim 35, wherein the action comprises a selective restriction of one or more wireless devices associated with the violation of the security policy by inhibiting the engagement of the one or more wireless devices with network devices coupled to the network.
  - 39. The system of claim 38, wherein the selective restriction does not affect the operation of the network devices.
  - 40. The system of claim 35, wherein the action comprises selectively restricting traffic originating from a wireless device associated with the violation.
  - 41. The system of claim 35, wherein the airspace renders the network vulnerable to intrusions into the network using the airspace.
  - 42. The system of claim 35, wherein the security policy is further configured to identify wireless traffic destined for another network.
  - 43. The system of claim 35, wherein the security policy is further configured to identify wireless traffic which does not violate the security policy.

44. Computer readable storage media storing instructions that upon execution by a system processor causes the system processor to perform steps comprising:
- outlining at least one portion of a network to be protected, said at least one portion of the network occupying a physical region, the physical region comprising an airspace through which wireless signals can be transmitted;
  
  defining a security policy associated with the airspace to protect said at least one portion of the network, the security policy at least defining a type of wireless activity which constitutes a violation of the security policy;
  
  deploying one or more sensor devices within said at least one portion of the network, the one or more sensor devices being arranged within the physical region comprising the airspace, the one or more sensor devices being configured to cause at least a portion of the airspace to be secured according to the security policy;
  
  deploying a host system on the network;
  
  monitoring wireless signals in the airspace using said one or more sensor devices;
  
  determining whether a wireless signal is intended to communicate to said at leas one portion of the network;
  
  detecting a violation of the security policy based at least upon the determining step and the monitoring step;
  
  automatically initiating an action based upon the violation in accordance with the security policy for the airspace to protect said at least one portion of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirDefense Incorporated (Motorola Solutions, Inc.)
Original Assignee
AirDefense Incorporated (Motorola Solutions, Inc.)
Inventors
Hrastar, Scott

Application Number

US11/382,218
Publication Number

US 20070189194A1
Time in Patent Office

Days
Field of Search
US Class Current

370/310
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04W 12/122   Counter-measures against at...

H04W 12/125   Protection against power ex...

H04W 88/08   Access point devices

Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links